What Is Anthropic Project Glasswing?
Anthropic launched Project Glasswing in June 2026 as a controlled, invitation-only program giving select organizations early access to Claude Mythos Preview -- Anthropic's unreleased frontier model -- specifically for cybersecurity vulnerability discovery.
The six founding participants are AWS, Apple, Cisco, Google, JPMorgan Chase, and Microsoft. Each receives controlled API access to Claude Mythos Preview to run against their codebases, infrastructure, and software supply chains to surface critical vulnerabilities before they can be exploited.
Why This Matters for CISOs in 2026
Cybersecurity buying committees have expanded to an average of eight stakeholders in 2026 -- executives, finance, IT, operations -- all with different definitions of risk and value. The cost and complexity of evaluating new security vendors is higher than ever.
Project Glasswing signals two things CISOs need to internalize:
1. AI is now a serious defensive security tool. Claude Mythos Preview's 1-million-token context window can ingest entire codebases, network configurations, and compliance documentation simultaneously -- the capability gap prior models could not bridge for serious security review.
2. Access to frontier AI for security will be tiered. The same week Anthropic's Claude Fable 5 was suspended under US export controls, Glasswing participants retained controlled access to Mythos Preview. Regulatory frameworks are settling into use-case-specific access, and cybersecurity is an approved lane.
How AI-Assisted Vulnerability Finding Works at Scale
The Glasswing organizations are reportedly using Claude Mythos Preview to:
- Identify logic flaws in authentication and authorization code across entire repositories
- Surface hardcoded credentials and insecure API configurations
- Flag vulnerable dependencies across software supply chains
- Cross-reference internal code against CVE databases and security policies
These tasks previously required multiple specialized scanning tools plus human security engineers spending hours to days per audit cycle. With a 1M-token context window, a single model can hold the entire scope in view simultaneously.
What This Means for Cybersecurity Vendors Selling to CISOs
If you sell security tools to CISOs and are not leading with an AI-forward narrative in your outreach, you are behind the conversation your buyers are already having.
Project Glasswing is publicly visible. CISOs at companies outside the Glasswing six are watching what AWS, Cisco, and Google are doing with Claude Mythos and asking their vendors the same questions.
The challenge for cybersecurity vendors is that CISOs are deluged with outreach -- cold email reply rates for security are at record lows in 2026. The highest-converting pipeline channel for CISO meetings is still expert-led events focused on their current threat priorities.
At LinkedOtter, we placed 38 C-level attendees at RSA from 1,266 targeted prospects with an invite focused on identity security -- a topic directly relevant to what CISOs are being pressured on. That is the motion that still cuts through.
The Regulatory Signal: AI Access Is Being Calibrated by Use Case
The juxtaposition of Fable 5's suspension and Glasswing's continuation in the same week is significant. US regulators are not banning AI -- they are segmenting access. Broad public use of frontier models faces export controls. Controlled use for high-value security research is permitted.
For CISOs evaluating AI vendor claims, this is important context. Not all AI access is equal. Ask your vendors what model tier they have access to and whether that access is subject to regulatory conditions.
Key Takeaways for CISOs
- Six of the world's largest tech and financial organizations are now using Claude Mythos Preview for live vulnerability discovery
- AI-assisted code review at 1-million-token context scale is operational, not theoretical
- US regulatory framework is approving cybersecurity as a controlled access lane for frontier AI
- Cybersecurity vendors need an AI-credible story to win CISO attention in 2026
- Expert-led events focused on current CISO priorities convert better than cold outbound at record-low reply rates